pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2dae4da41e
vuln-list-alt/oval/c10f1/ALT-PU-2021-1569/definitions.json
pepelyaevip 56bb29c44b ALT Vulnerability
2024-06-28 13:17:52 +00:00

267 lines
12 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20211569",
"Version": "oval:org.altlinux.errata:def:20211569",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2021-1569: package `gpac` update to version 1.0.1-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2021-1569",
"RefURL": "https://errata.altlinux.org/ALT-PU-2021-1569",
"Source": "ALTPU"
},
{
"RefID": "BDU:2022-01659",
"RefURL": "https://bdu.fstec.ru/vul/2022-01659",
"Source": "BDU"
},
{
"RefID": "BDU:2022-01662",
"RefURL": "https://bdu.fstec.ru/vul/2022-01662",
"Source": "BDU"
},
{
"RefID": "BDU:2022-01862",
"RefURL": "https://bdu.fstec.ru/vul/2022-01862",
"Source": "BDU"
},
{
"RefID": "BDU:2022-01869",
"RefURL": "https://bdu.fstec.ru/vul/2022-01869",
"Source": "BDU"
},
{
"RefID": "CVE-2020-23928",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-23928",
"Source": "CVE"
},
{
"RefID": "CVE-2020-23930",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-23930",
"Source": "CVE"
},
{
"RefID": "CVE-2020-23931",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-23931",
"Source": "CVE"
},
{
"RefID": "CVE-2020-23932",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-23932",
"Source": "CVE"
},
{
"RefID": "CVE-2021-32268",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-32268",
"Source": "CVE"
},
{
"RefID": "CVE-2021-32269",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-32269",
"Source": "CVE"
},
{
"RefID": "CVE-2021-32270",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-32270",
"Source": "CVE"
},
{
"RefID": "CVE-2021-32271",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-32271",
"Source": "CVE"
},
{
"RefID": "CVE-2021-40592",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-40592",
"Source": "CVE"
}
],
"Description": "This update upgrades gpac to version 1.0.1-alt1. \nSecurity Fix(es):\n\n * BDU:2022-01659: Уязвимость функции gf_fprintf компонента os_file.c мультимедийной платформы GPAC, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2022-01662: Уязвимость функции DumpRawUIConfig компонента odf_dump.c мультимедийной платформы GPAC, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2022-01862: Уязвимость функции vwid_box_del компонента box_code_base.c мультимедийной платформы GPAC, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-01869: Уязвимость функции ilst_item_box_dump компонента box_dump.c мультимедийной платформы GPAC, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2020-23928: An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read.\n\n * CVE-2020-23930: An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function nhmldump_send_header located in write_nhml.c. It allows an attacker to cause Denial of Service.\n\n * CVE-2020-23931: An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read.\n\n * CVE-2020-23932: An issue was discovered in gpac before 1.0.1. A NULL pointer dereference exists in the function dump_isom_sdp located in filedump.c. It allows an attacker to cause Denial of Service.\n\n * CVE-2021-32268: Buffer overflow vulnerability in function gf_fprintf in os_file.c in gpac before 1.0.1 allows attackers to execute arbitrary code. The fixed version is 1.0.1.\n\n * CVE-2021-32269: An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function ilst_item_box_dump located in box_dump.c. It allows an attacker to cause Denial of Service.\n\n * CVE-2021-32270: An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function vwid_box_del located in box_code_base.c. It allows an attacker to cause Denial of Service.\n\n * CVE-2021-32271: An issue was discovered in gpac through 20200801. A stack-buffer-overflow exists in the function DumpRawUIConfig located in odf_dump.c. It allows an attacker to cause code Execution.\n\n * CVE-2021-40592: GPAC version before commit 71460d72ec07df766dab0a4d52687529f3efcf0a (version v1.0.1 onwards) contains loop with unreachable exit condition ('infinite loop') vulnerability in ISOBMFF reader filter, isoffin_read.c. Function isoffin_process() can result in DoS by infinite loop. To exploit, the victim must open a specially crafted mp4 file.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2021-03-29"
},
"Updated": {
"Date": "2021-03-29"
},
"BDUs": [
{
"ID": "BDU:2022-01659",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2022-01659",
"Impact": "High",
"Public": "20200904"
},
{
"ID": "BDU:2022-01662",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2022-01662",
"Impact": "High",
"Public": "20200815"
},
{
"ID": "BDU:2022-01862",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2022-01862",
"Impact": "Low",
"Public": "20210920"
},
{
"ID": "BDU:2022-01869",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2022-01869",
"Impact": "Low",
"Public": "20200813"
}
],
"CVEs": [
{
"ID": "CVE-2020-23928",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-23928",
"Impact": "High",
"Public": "20210421"
},
{
"ID": "CVE-2020-23930",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-23930",
"Impact": "Low",
"Public": "20210421"
},
{
"ID": "CVE-2020-23931",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-23931",
"Impact": "High",
"Public": "20210421"
},
{
"ID": "CVE-2020-23932",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-23932",
"Impact": "Low",
"Public": "20210421"
},
{
"ID": "CVE-2021-32268",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-32268",
"Impact": "High",
"Public": "20210920"
},
{
"ID": "CVE-2021-32269",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-32269",
"Impact": "Low",
"Public": "20210920"
},
{
"ID": "CVE-2021-32270",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-32270",
"Impact": "Low",
"Public": "20210920"
},
{
"ID": "CVE-2021-32271",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-32271",
"Impact": "High",
"Public": "20210920"
},
{
"ID": "CVE-2021-40592",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-40592",
"Impact": "Low",
"Public": "20220608"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20211569001",
"Comment": "gpac is earlier than 1:1.0.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211569002",
"Comment": "libgpac is earlier than 1:1.0.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211569003",
"Comment": "libgpac-devel is earlier than 1:1.0.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211569004",
"Comment": "mp4box is earlier than 1:1.0.1-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink